We propose a validity preserving translation from a subset of epistemic Alternating-time Temporal Logic (ATL) to epistemic Computation Tree Logic (CTL). The considered subset of epistemic ATL is known to have the finite model property and decidable model-checking. This entails the decidability of validity but the implied algorithm is unfeasible. Reducing the validity problem to that in a corresponding system of CTL makes the techniques for automated deduction for that logic available for the handling of the apparently more complex system of ATL.

Introduction 

The strategic cooperation modalities of alternating time temporal logic (ATL, [AHK97, AHK02]) generalize the path quantifier $\forall$ of computation tree logic (CTL). Combinations of ATL with modal logics of knowledge [vdHW03, JvdH04] extend temporal logics of knowledge (cf. e.g. [FHMV95]) in the way ATL extends CTL. Automated deduction for CTL and linear time epistemic temporal logics has been studied extensively [FDP01, BDF99, GS09a, GS09b]. There is much less work on the topic for ATL, and hardly any for its epistemic extensions. The decidability of validity in ATL with complete information was established in [GvD06] as a consequence of the finite model property, where the completeness of a Hilbert-style proof system was given too. Hilbert-style proof systems are known to be unsuitable for automating proof search. The situation was remedied by a tableau-based decision procedure developed in [GS09c]. Along with that, the same authors developed tableau systems for branching epistemic temporal logics in [GS09b]. Temporal resolution (cf. e.g. [FDP01]), which is well understood for linear time logics and their epistemic extensions, was considered for ATL in [Zha10], but only for the $\langle\!\langle.\rangle\!\rangle\circ$-subset, which is similar to coalition logic [Pau02] and enables only reasoning about a fixed number of steps. To our knowledge, no similar work has been done for systems of epistemic ATL.

In this paper we continue the study [GDE11] of a system of ATL with the operator of distributed knowledge under the perfect recall assumption. In [GDE11] we established the finite model property for a subset, and a model-checking algorithm for the whole system. That algorithm assumed that coalition members can use the distributed knowledge of their coalitions to guide their actions. Dropping that assumption is known to render model-checking undecidable [DT11]. As expected, the validity-checking algorithm which these results imply is unfeasible.

In this paper we propose a validity preserving translation from another subset of that logic into epistemic CTL, with distributed knowledge and perfect recall again. As it becomes clear below, the need to consider a subset appears to be due to the lack of connectives in epistemic CTL to capture some interactions between knowledge and the progress of time. The translation makes no assumption on coordination within coalitions and there is no dependence on the availability of the past temporal modalities which are featured in the axiomatization from [GDE11]. A semantic assumption that we keep is finite branching: only finitely many states should be reachable in one step from any state and models should have only finitely many initial states. Dropping that assumption would disable the fixpoint characterization of $(.\mathsf{U}.)$-objectives that we exploit, because of the requirement on strategies to be uniform. The translation enables the use of the known techniques for mechanized proof in the apparently simpler logic CTL and its epistemic extensions [BF99, GS09b]. Building on our previous work [GDE11], we work with the semantics of ATL on interpreted systems in their form adopted in [LR06].

1 Preliminaries 

1.1 Propositional epistemic ATL with perfect recall ($\mathrm{ATL}^{D}_{iR}$)

The syntax of $\mathrm{ATL}^{D}_{iR}$ formulas can be given by the BNF

$$\varphi,\psi ::= \bot \mid p \mid (\varphi \Rightarrow \psi) \mid D_\Gamma\varphi \mid \langle\!\langle\Gamma\rangle\!\rangle\circ\varphi \mid \langle\!\langle\Gamma\rangle\!\rangle(\varphi\mathsf{U}\psi) \mid [\![\Gamma]\!](\varphi\mathsf{U}\psi)$$

Here $\Gamma$ ranges over finite sets of agents, and $p$ ranges over propositional variables. In this paper we exclude the past temporal operators as their presence does not affect the working of our translation.

An interpreted system is defined with respect to some given finite set $\Sigma = \{1,\ldots,N\}$ of agents, and a set of propositional variables (atomic propositions) $AP$. There is also an environment $e \notin \Sigma$; in the sequel we write $\Sigma_e$ for $\Sigma \cup \{e\}$.

Definition 1 (interpreted systems) An interpreted system for $\Sigma$ and $AP$ is a tuple of the form

$$\langle\langle L_i : i \in \Sigma_e\rangle, I, \langle Act_i : i \in \Sigma_e\rangle, t, V\rangle \quad (1)$$

where:

$L_i$, $i \in \Sigma_e$, are nonempty sets of local states; $L_\Gamma$ stands for $\prod_{i\in\Gamma} L_i$, $\Gamma \subseteq \Sigma_e$;

elements of $L_{\Sigma_e}$ are called global states;

$I \subseteq L_{\Sigma_e}$ is a nonempty set of initial global states;

$Act_i$, $i \in \Sigma_e$, are nonempty sets of actions; $Act_\Gamma$ stands for $\prod_{i\in\Gamma} Act_i$;

$t : L_{\Sigma_e} \times Act_{\Sigma_e} \to L_{\Sigma_e}$ is a transition function;

$V \subseteq L_{\Sigma_e} \times AP$ is a valuation of the atomic propositions.

For every $i \in \Sigma_e$ and $l', l'' \in L_{\Sigma_e}$ such that $l'_i = l''_i$ and $l'_e = l''_e$ the function $t$ satisfies $(t(l',a))_i = (t(l'',a))_i$.

In the literature an interpreted system also includes a protocol to specify the actions which are permitted at every particular state. Protocols are not essential to our study here as the effect of a prohibited action can be set to that of some fixed permitted action (which is always supposed to exist) to produce an equivalent system in which all actions are always permitted. Our variant of interpreted systems is borrowed from [LR06] and has a technically convenient feature which is not present in other works [FHMV95, LQR]: every agent's next local state can be directly affected by the local state of the environment through the transition function. Here follow the technical notions that are relevant to satisfaction of ATL formulas on interpreted systems.

Definition 2 (global runs and local runs) Given an $n \le \omega$, a run of length $n$ is a sequence

$$r = l^0 a^0 l^1 a^1 \ldots \in L_{\Sigma_e}(Act_{\Sigma_e} L_{\Sigma_e})^n$$

such that $l^0 \in I$ and $l^{j+1} = t(l^j, a^j)$ for all $j < n$. A run is infinite, if $n = \omega$; otherwise it is finite. In either case we write $|r|$ for the length $n$ of $r$. (Note that a run of length $n < \omega$ is indeed a sequence of $2n+1$ states and actions.)

Given $r$ as above and $\Gamma \subseteq \Sigma$, we write $r_\Gamma$ for the corresponding local run

$$l^0_\Gamma a^0_\Gamma \ldots a^{n-1}_\Gamma l^n_\Gamma \in L_\Gamma(Act_\Gamma L_\Gamma)^n$$

of $r$ in which $l^j_\Gamma = \langle l^j_i : i \in \Gamma\rangle$ and $a^j_\Gamma = \langle a^j_i : i \in \Gamma\rangle$.

We denote the set of all runs of some fixed length $n \le \omega$, the set of all finite runs, and the set of all runs in $IS$ by $R^n(IS)$, $R^{fin}(IS)$ and $R(IS)$, respectively.

Given $i, j < \omega$ and an $r$ as above such that $i \le j \le |r|$, we write $r[i..j]$ for $l^i a^i \ldots a^{j-1} l^j$.



Definition 3 (indiscernibility) Given $r', r'' \in R(IS)$ and $i \le |r'|, |r''|$, we write $r' \sim_{\Gamma,i} r''$ if $r'[0..i]_\Gamma = r''[0..i]_\Gamma$. We write $r' \sim_\Gamma r''$ for the conjunction of $r' \sim_{\Gamma,|r'|} r''$ and $|r'| = |r''|$.

Sequences of the form $r_\emptyset$ consist of $\langle\rangle$s, and, consequently, $[r]_\emptyset$ is the class of all the runs of length $|r|$. Obviously $\sim_{\Gamma,i}$ and $\sim_\Gamma$ are equivalence relations on $R(IS)$.

Definition 4 We denote $\{r' \in R(IS) : r' \sim_\Gamma r\}$ by $[r]_\Gamma$.



Definition 5 (coalition strategies) A strategy for $\Gamma \subseteq \Sigma$ is a vector $s = \langle s_i : i \in \Gamma\rangle$ of functions $s_i$ of type $\{r_i : r \in R^{fin}(IS)\} \to Act_i$. We write $S(\Gamma, IS)$ for the set of all the strategies for $\Gamma$ in the considered interpreted system $IS$. Given $s \in S(\Gamma, IS)$ and $r \in R^{fin}(IS)$, we write $out(r,s)$ for the set

$$\{r' = l^0 a^0 \ldots a^{n-1} l^n \ldots \in R^{\omega}(IS) : r'[0..|r|] = r,\ a^j_i = s_i(r'[0..j]_i) \text{ for all } i \in \Gamma \text{ and } j \ge |r|\}$$

of the outcomes of $r$ when $\Gamma$ sticks to $s$ from step $|r|$ on. Given an $X \subseteq R^{fin}(IS)$, $out(X,s)$ is $\bigcup_{r\in X} out(r,s)$.

Strategies, as defined above, are determined by the local views of the considered coalition members and are therefore uniform.

Definition 6 (modelling relation of $\mathrm{ATL}^{D}_{iR}$) The relation $IS, r \models \varphi$ is defined for $r \in R^{fin}(IS)$ and formulas $\varphi$ by the clauses:

$IS, r \not\models \bot$;

$IS, l^0 a^0 \ldots a^{n-1} l^n \models p$ iff $V(l^n, p)$ for atomic propositions $p$;

$IS, r \models \varphi \Rightarrow \psi$ iff either $IS, r \not\models \varphi$ or $IS, r \models \psi$;

$IS, r \models D_\Gamma\varphi$ iff $IS, r' \models \varphi$ for all $r' \in [r]_\Gamma$;

$IS, r \models \langle\!\langle\Gamma\rangle\!\rangle\circ\varphi$ iff there exists an $s \in S(\Gamma, IS)$ such that $IS, r'[0..|r|+1] \models \varphi$ for all $r' \in out([r]_\Gamma, s)$;

$IS, r \models \langle\!\langle\Gamma\rangle\!\rangle(\varphi\mathsf{U}\psi)$ iff there exists an $s \in S(\Gamma, IS)$ s. t. for every $r' \in out([r]_\Gamma, s)$ there exists a $k < \omega$ s. t. $IS, r'[0..|r|+i] \models \varphi$ for all $i < k$ and $IS, r'[0..|r|+k] \models \psi$;

$IS, r \models [\![\Gamma]\!](\varphi\mathsf{U}\psi)$ iff for every $s \in S(\Gamma, IS)$ there exist an $r' \in out([r]_\Gamma, s)$ and a $k < \omega$ s. t. $IS, r'[0..|r|+i] \models \varphi$ for all $i < k$ and $IS, r'[0..|r|+k] \models \psi$.

Validity of formulas in entire interpreted systems and on the class of all interpreted systems, that is, in the logic $\mathrm{ATL}^{D}_{iR}$, is defined as satisfaction at all 0-length runs in the considered interpreted system, and at all the 0-length runs in all the systems in the considered class, respectively.

In this paper we assume that each coalition member uses only its own observation power in following a coalition strategy. Allowing coalition members to share their observations gives rise to a more general form of strategy, which are functions of type $\{r_\Gamma : r \in R^{fin}(IS)\} \to Act_\Gamma$, and which was assumed by the model-checking algorithm proposed in [GDE11].
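Abbreviations

$\top$, $\neg$, $\vee$, $\wedge$ and $\Leftrightarrow$ have their usual meanings. To keep the use of ( and ) down, we assume that unary connectives bind the strongest, the binary modalities $\langle\!\langle\Gamma\rangle\!\rangle(.\mathsf{U}.)$ and $[\![\Gamma]\!](.\mathsf{U}.)$, and the derived ones below, bind the weakest, and their parentheses are never omitted, and the binary boolean connectives come in the middle, in decreasing order of their binding power as follows: $\wedge$, $\vee$, $\Rightarrow$ and $\Leftrightarrow$. We enumerate coalitions without the { and }. E.g., the shortest way to write $(\langle\!\langle\{1\}\rangle\!\rangle(((p \Rightarrow q) \wedge P_{\{1\}} r)\mathsf{U} D_{\{2,3\}}(r \vee q)))$ is $\langle\!\langle 1\rangle\!\rangle((p \Rightarrow q) \wedge P_1 r\, \mathsf{U}\, D_{2,3}(r \vee q))$. We write $P$ for the dual of $D$:

$$P_\Gamma\varphi \rightleftharpoons \neg D_\Gamma\neg\varphi.$$

The rest of the combinations of the cooperation modality and future temporal connectives are defined by the clauses

$$\langle\!\langle\Gamma\rangle\!\rangle\Diamond\varphi \rightleftharpoons \langle\!\langle\Gamma\rangle\!\rangle(\top\mathsf{U}\varphi) \qquad \langle\!\langle\Gamma\rangle\!\rangle\Box\varphi \rightleftharpoons \neg[\![\Gamma]\!]\Diamond\neg\varphi \qquad \langle\!\langle\Gamma\rangle\!\rangle(\varphi\mathsf{W}\psi) \rightleftharpoons \neg[\![\Gamma]\!](\neg\psi\,\mathsf{U}\,\neg\psi\wedge\neg\varphi)$$

$$[\![\Gamma]\!]\Diamond\varphi \rightleftharpoons [\![\Gamma]\!](\top\mathsf{U}\varphi) \qquad [\![\Gamma]\!]\Box\varphi \rightleftharpoons \neg\langle\!\langle\Gamma\rangle\!\rangle\Diamond\neg\varphi \qquad [\![\Gamma]\!](\varphi\mathsf{W}\psi) \rightleftharpoons \neg\langle\!\langle\Gamma\rangle\!\rangle(\neg\psi\,\mathsf{U}\,\neg\psi\wedge\neg\varphi)$$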

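1.2 $\mathrm{ATL}^{D}_{iR}$ with epistemic objectives only

In [GDE11] we axiomatized a subset of $\mathrm{ATL}^{D}_{iR}$ with past in which $\langle\!\langle.\rangle\!\rangle(.\mathsf{U}.)$ was allowed only in the derived construct $\langle\!\langle\Gamma\rangle\!\rangle\Diamond D_\Gamma\varphi$, and $[\![.]\!](.\mathsf{U}.)$ was allowed only in the derived construct $\langle\!\langle\Gamma\rangle\!\rangle\Box\varphi$. Because of the validity of the equivalences

$$\langle\!\langle\Gamma\rangle\!\rangle\circ\varphi \Leftrightarrow \langle\!\langle\Gamma\rangle\!\rangle\circ D_\Gamma\varphi \quad\text{and}\quad \langle\!\langle\Gamma\rangle\!\rangle\Box\varphi \Leftrightarrow \langle\!\langle\Gamma\rangle\!\rangle\Box D_\Gamma\varphi,$$

that entailed that all the objectives allowed in that subset were epistemic. We argued that, under some assumptions, any $\langle\!\langle.\rangle\!\rangle(.\mathsf{U}.)$ formula could be transformed into an equivalent one of the form $\langle\!\langle\Gamma\rangle\!\rangle\Diamond D_\Gamma\varphi$ thus asserting the significance of the considered subset. Both the axiomatization and the reduction to epistemic goals relied on the presence of the past operators. In this paper we consider another subset of $\mathrm{ATL}^{D}_{iR}$. Its formulas have the syntax

$$\varphi,\psi ::= \bot \mid p \mid (\varphi \Rightarrow \psi) \mid D_\Gamma\varphi \mid \langle\!\langle\Gamma\rangle\!\rangle\circ\varphi \mid \langle\!\langle\Gamma\rangle\!\rangle(D_\Gamma\varphi\,\mathsf{U}\,D_\Gamma\psi) \quad (2)$$

Unlike the subset from [GDE11], here we allow formulas of the form $\langle\!\langle\Gamma\rangle\!\rangle(D_\Gamma\varphi\,\mathsf{U}\,D_\Gamma\psi)$. However, we exclude even the special case $\langle\!\langle\Gamma\rangle\!\rangle\Box\varphi$ of the use of $[\![\Gamma]\!](P_\Gamma\varphi\,\mathsf{U}\,P_\Gamma\psi)$. The reasons are discussed in the end of Section 2.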

1.3 CTL with distributed knowledge 

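This is the target logic of our translation. Its formulas have the syntax

$$\varphi,\psi ::= \bot \mid p \mid (\varphi \Rightarrow \psi) \mid D_\Gamma\varphi \mid \exists\circ\varphi \mid \exists(\varphi\mathsf{U}\psi) \mid \forall(\varphi\mathsf{U}\psi)$$

where $\Gamma$ ranges over finite sets of agents as above. The clauses for the semantics of the connectives in common with $\mathrm{ATL}^{D}_{iR}$ are as in $\mathrm{ATL}^{D}_{iR}$; the clauses about formulas built using $\exists$ and $\forall$ are as follows:

$IS, r \models \exists\circ\varphi$ iff there exists an $r' \in R^{|r|+1}(IS)$ such that $r = r'[0..|r|]$ and $IS, r' \models \varphi$;

$IS, r \models \exists(\varphi\mathsf{U}\psi)$ iff there exists an $r' \in R^{\omega}(IS)$ such that $r = r'[0..|r|]$ and a $k < \omega$ such that $IS, r'[0..|r|+i] \models \varphi$ for all $i < k$ and $IS, r'[0..|r|+k] \models \psi$;

$IS, r \models \forall(\varphi\mathsf{U}\psi)$ iff for every $r' \in R^{\omega}(IS)$ such that $r = r'[0..|r|]$ there exists a $k < \omega$ such that $IS, r'[0..|r|+i] \models \varphi$ for all $i < k$ and $IS, r'[0..|r|+k] \models \psi$.

Note that the occurrences of $D_\emptyset$ are vital for the validity of the equivalences

$$P_\emptyset\exists\circ\varphi \Leftrightarrow [\![\emptyset]\!]\circ\varphi, \quad P_\emptyset\exists(\varphi\mathsf{U}\psi) \Leftrightarrow [\![\emptyset]\!](\varphi\mathsf{U}\psi) \quad\text{and}\quad D_\emptyset\forall(\varphi\mathsf{U}\psi) \Leftrightarrow \langle\!\langle\emptyset\rangle\!\rangle(\varphi\mathsf{U}\psi)$$

in the combined language of $\mathrm{ATL}^{D}_{iR}$ and CTL because of the requirement on strategies to be uniform; e.g., $\langle\!\langle\emptyset\rangle\!\rangle(\varphi\mathsf{U}\psi)$ means that $(\varphi\mathsf{U}\psi)$ holds along all the extensions of all the runs which are indiscernible from the reference run to the empty coalition. Therefore here $\langle\!\langle\emptyset\rangle\!\rangle$ does not subsume $\forall$ in the straightforward way known about the case of ATL with complete information.

The combination $\forall\circ$ and the combinations of $\exists$ and $\forall$ with the derived temporal connectives $(.\mathsf{W}.)$, $\Diamond$ and $\Box$ are defined in the usual way.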

2 A validity preserving translation into CTL + D with perfect recall 

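Our translation captures the subset of ATL which is given by the BNF

$$\varphi,\psi ::= \bot \mid p \mid (\varphi \Rightarrow \psi) \mid \ominus\varphi \mid (\varphi\mathsf{S}\psi) \mid D_\Gamma\varphi \mid \langle\!\langle\Gamma\rangle\!\rangle\circ\varphi \mid \langle\!\langle\Gamma\rangle\!\rangle(D_\Gamma\varphi\,\mathsf{U}\,D_\Gamma\psi)$$

We explain how to eliminate occurrences of $\langle\!\langle.\rangle\!\rangle$ in formulas of the form $\langle\!\langle\Gamma\rangle\!\rangle(D_\Gamma\varphi\,\mathsf{U}\,D_\Gamma\psi)$ first. In the sequel we write $[\alpha/p]\beta$ for the substitution of the occurrences of atomic proposition $p$ in $\beta$ by $\alpha$.

Proposition 7 Assuming that $p$ and $q$ are fresh atomic propositions, the satisfiability of $[\langle\!\langle\Gamma\rangle\!\rangle(D_\Gamma\varphi\,\mathsf{U}\,D_\Gamma\psi)/p]\chi$ (at a 0-length run) is equivalent to the satisfiability of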
X A D0VnCpV^D r yV(Dr<pA((r))og)) 

A D VD(/?<^ D r yV(D r <pA((r))o jP )) (3) 
A D Vn (/?=>- D r y V (D r <p A VoV(<? ^ D r <pUg => D r y))). 

Next we explain how to eliminate occurrences of the "basic" ATL construct $\langle\!\langle\Gamma\rangle\!\rangle\circ\varphi$. Let $IS$ stand for some arbitrary interpreted system (1) with finite branching, with $\Sigma = \{1,\ldots,N\}$ as its set of agents, $AP$ as its vocabulary. We adapt the following simple observation, which works in case $Act_i$, $i \in \Sigma$, are fixed. Readers who are familiar with the original semantics of ATL on alternating transition systems (ATS) from [AHK97] will recognize the similarity of our technique with the transformation of concurrent game structures into equivalent ATS from [GJ04]. Assuming that $Act_i$, $i \in \Sigma_e$, are pairwise disjoint, and disjoint with $AP$, we consider the vocabulary $AP^{Act} = AP \cup \bigcup_{i\in\Sigma_e} Act_i$.

Definition 8 Given $IS$ and $* \notin \bigcup_{i\in\Sigma_e} Act_i$, we define the interpreted system

$$IS^{Act} = \langle\langle L^{Act}_i : i \in \Sigma_e\rangle, I^{Act}, \langle Act_i : i \in \Sigma_e\rangle, t^{Act}, V^{Act}\rangle$$

by putting:

$L^{Act}_i = L_i \times (Act_i \cup \{*\})$, $i \in \Sigma_e$;

$I^{Act} = \{\langle\langle l_i, *\rangle : i \in \Sigma_e\rangle : l \in I\}$;

$t^{Act}(\langle\langle l_i, a_i\rangle : i \in \Sigma_e\rangle, b) = \langle\langle (t(l,b))_i, b_i\rangle : i \in \Sigma_e\rangle$;

$V^{Act}(\langle\langle l_i, a_i\rangle : i \in \Sigma_e\rangle, p) \Leftrightarrow V(\langle l_i : i \in \Sigma_e\rangle, p)$ for $p \in AP$;

$V^{Act}(\langle\langle l_i, a_i\rangle : i \in \Sigma_e\rangle, b) \Leftrightarrow b = a_j$ for $b \in Act_j$, $j \in \Sigma_e$.

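In short, an $IS^{Act}$ state is an $IS$ state augmented with a record of the actions which lead to it, the dummy symbol $*$ being used in initial states. Let $R \subseteq L^{Act}_{\Sigma_e} \times L^{Act}_{\Sigma_e}$ and $R(\langle\langle l_i, a_i\rangle : i \in \Sigma_e\rangle, \langle\langle v_i, b_i\rangle : i \in \Sigma_e\rangle)$ iff $v = t^{Act}(l,b)$. Then $IS^{Act}, r \models \exists\circ\varphi$ iff $IS^{Act}, r\,a\,l' \models \varphi$ for some $l' \in R(l)$ and the only $a \in Act_{\Sigma_e}$ such that $r\,a\,l' \in R^{fin}(IS^{Act})$. The key observation in our approach is that

$$IS, r \models \langle\!\langle\{i_1,\ldots,i_k\}\rangle\!\rangle\circ\varphi \ \text{ iff }\ IS^{Act}, r^{Act} \models \bigvee_{a_{i_1}\in Act_{i_1}} \cdots \bigvee_{a_{i_k}\in Act_{i_k}} D_{\{i_1,\ldots,i_k\}}\forall\circ\Big(\bigwedge_{j=1}^{k} a_{i_j} \Rightarrow \varphi\Big) \quad (4)$$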
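The construction of Definition 8, as an added example in Python that is not part of the original paper: the toy system, its state and action names and all helper functions are constructed for illustration. It checks the two properties the text relies on, namely that in $IS^{Act}$ the action vector is determined by the successor state (which is not the case in the toy $IS$), and that each successor satisfies exactly the action propositions of the vector that produced it.

```python
from collections import Counter
from itertools import product

STAR = "*"                     # dummy action recorded in initial states
AGENTS = (1, 2, "e")           # Sigma_e: agents 1, 2 and the environment e

# Constructed toy system IS; Act_i are pairwise disjoint and disjoint from AP.
ACT = {1: ("a1", "b1"), 2: ("a2",), "e": ("ae", "be")}
INIT = [("u", "x", "lo")]      # a global state is a tuple (l_1, l_2, l_e)

def t(l, a):
    """Transition function of IS: (t(l, a))_i depends only on l_i, l_e and a."""
    l1, l2, le = l
    n1 = "v" if (a[0] == "b1" and le == "lo") else l1
    return (n1, l2, "hi" if a[2] == "be" else "lo")

def V(l, p):
    """Valuation of IS over AP = {"goal"}."""
    return p == "goal" and l[0] == "v"

def vectors():
    """All action vectors in Act_{Sigma_e}."""
    return list(product(*(ACT[i] for i in AGENTS)))

# Definition 8: a state of IS^Act is a tuple of pairs (l_i, a_i).
def init_act():
    return [tuple((li, STAR) for li in l) for l in INIT]

def t_act(s, b):
    l = tuple(li for li, _ in s)
    return tuple(zip(t(l, b), b))

def V_act(s, prop):
    for i, (_, ai) in zip(AGENTS, s):
        if prop in ACT[i]:             # prop is an action of agent i
            return prop == ai
    return V(tuple(li for li, _ in s), prop)

def reachable(init, step):
    seen, todo = set(init), list(init)
    while todo:
        s = todo.pop()
        for a in vectors():
            n = step(s, a)
            if n not in seen:
                seen.add(n)
                todo.append(n)
    return seen

def ambiguous_pairs(init, step):
    """Number of (state, successor) pairs produced by more than one action vector."""
    total = 0
    for s in reachable(init, step):
        hits = Counter(step(s, a) for a in vectors())
        total += sum(1 for c in hits.values() if c > 1)
    return total

def successors_record_actions():
    """Each successor under b satisfies exactly the action propositions in b."""
    props = [p for i in AGENTS for p in ACT[i]]
    return all({p for p in props if V_act(t_act(s, b), p)} == set(b)
               for s in reachable(init_act(), t_act) for b in vectors())

if __name__ == "__main__":
    print("ambiguous in IS:    ", ambiguous_pairs(INIT, t))
    print("ambiguous in IS^Act:", ambiguous_pairs(init_act(), t_act))
    print("records actions:    ", successors_record_actions())
```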
For this observation to work without referring to the actions in the particular interpreted system, given an arbitrary $IS$, we enrich it with dedicated actions which are linked to the objectives occurring in the considered formula. We define the transition function on these actions so that if a particular $\circ\varphi$-objective can be achieved at finite run $r$ at all, then it can be achieved by taking the corresponding dedicated actions at the last state of $r$. This can be achieved in forest-like systems where runs can be determined from their final states. Similarly, we introduce express actions for the environment that enable it to foil objectives at states at which the objectives cannot be achieved by the respective coalitions using any strategy based on the original actions. (Giving the environment such powers does not affect the satisfaction of formulas as it never participates in coalitions.) The sets $Act_i$, $i \in \Sigma_e$, of atomic propositions by which we model actions satisfy the formula

$$A(Act_1,\ldots,Act_N,Act_e) \rightleftharpoons \bigwedge_{a_1\in Act_1} \cdots \bigwedge_{a_N\in Act_N}\bigwedge_{a_e\in Act_e} \exists\circ\bigwedge_{i\in\Sigma_e} a_i$$

which states that any vector of actions from $Act_{\Sigma_e}$ produces a transition. Consider an $\mathrm{ATL}^{D}_{iR}$ formula of the form below with no occurrences of $(.\mathsf{U}.)$-objectives:

$$\chi \wedge D_\emptyset\forall\Box A(Act_1,\ldots,Act_N,Act_e) \quad (5)$$

Here $Act_1,\ldots,Act_N,Act_e$ consist of the atomic propositions which have been introduced to eliminate $\langle\!\langle\Gamma\rangle\!\rangle\circ\varphi$-subformulas so far. For the original $\chi$ we assume $Act_i = \{nop_i\}$, $i \in \Sigma_e$, where $nop_i$ have no specified effect. We remove the occurrences of $\langle\!\langle\Gamma\rangle\!\rangle\circ\varphi$-subformulas in $\chi$ working bottom-up as follows.



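Proposition 9 Let $a_{\Gamma,i,\varphi}$, $i \in \Gamma \cup \{e\}$, be fresh atomic propositions, $Act'_i = Act_i \cup \{a_{\Gamma,i,\varphi}\}$ for $i \in \Gamma \cup \{e\}$ and $Act'_i = Act_i$ for $i \in \Sigma \setminus \Gamma$. Then the satisfiability of

$$[\langle\!\langle\Gamma\rangle\!\rangle\circ\varphi/p]\chi \wedge D_\emptyset\forall\Box A(Act_1,\ldots,Act_N,Act_e) \quad (6)$$

entails the satisfiability of the formula

$$\begin{array}{l}
\Big[D_\Gamma\forall\circ\Big(\bigwedge_{i\in\Gamma} a_{\Gamma,i,\varphi} \Rightarrow \varphi\Big)/p\Big]\chi\ \wedge \\
D_\emptyset\forall\Box\Big(D_\Gamma\forall\circ\Big(\bigwedge_{i\in\Gamma} a_{\Gamma,i,\varphi} \Rightarrow \varphi\Big) \vee P_\Gamma\forall\circ(a_{\Gamma,e,\varphi} \Rightarrow \neg\varphi)\Big)\ \wedge \\
D_\emptyset\forall\Box A(Act'_1,\ldots,Act'_N,Act'_e).
\end{array} \quad (7)$$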

The above proposition shows how to eliminate one by one all the occurrences of the cooperation modalities in any given $\mathrm{ATL}^{D}_{iR}$ formula $\chi$ with the cooperation modalities appearing only in subformulas of the form $\langle\!\langle\Gamma\rangle\!\rangle\circ\varphi$ and obtain a CTL + D formula $\chi'$ such that if $\chi$ is satisfiable, then so is $\chi'$. Now consider a purely-CTL + D formula of the form (5). The satisfaction of (5) requires just a transition relation for the passage of time to define as it contains no $\langle\!\langle\Gamma\rangle\!\rangle$s and hence no reference to actions. That is, we assume a satisfying model of the form

$$IS^{-} = \langle\langle L_i : i \in \Sigma_e\rangle, I, -, V\rangle \quad (8)$$

where $L_i$, $i \in \Sigma_e$, $I$ and $V$ are as in interpreted systems, and $-$ is a serial binary relation on the set of the global states $L_{\Sigma_e}$ that represents the passage of time. We define the remaining interpreted system components as follows. We choose the set of actions of each agent $i$, including the environment, to be the corresponding set of atomic propositions $Act_i$ from (5). For any $a \in Act_{\Sigma_e}$ and any $l \in L_{\Sigma_e}$ we choose $t(l,a)$ to be an arbitrary member of $-(l) \cap \bigcap \{l' \in L_{\Sigma_e} :$ The nonemptiness of the latter set is guaranteed by the validity of $A(Act_1,\ldots,Act_N,Act_e)$ in $IS^{-}$, which states that every state has a successor satisfying the conjunction $\bigwedge a_i$ for any given vector of actions $a \in Act_{\Sigma_e}$. Let $IS$ stand for the system obtained by this definition of $Act_i$, $i \in \Sigma_e$, and $t$. It remains to show that

(9)

is equivalent to $IS, r \models \langle\!\langle\Gamma\rangle\!\rangle\circ\varphi$ for any subformula $\langle\!\langle\Gamma\rangle\!\rangle\circ\varphi$ eliminated in the process of obtaining (5). For the forward direction, establishing that the actions $a_{\Gamma,i,\varphi}$, $i \in \Gamma$, provide $\Gamma$ with a strategy to achieve $\varphi$ in one step is easily done by a direct check. For the converse direction, if (9) is false, then the validity of the second conjunctive member of (7) entails that $\Gamma$ cannot rule out the possibility that the environment can enforce $\neg\varphi$ in one step by choosing its corresponding action $a_{\Gamma,e,\varphi}$.

Formulas of the form $[\![\Gamma]\!](P_\Gamma\varphi\,\mathsf{U}\,P_\Gamma\psi)$

We first note that no restriction on formulas of the respective more general form $[\![\Gamma]\!](\varphi\mathsf{U}\psi)$ is necessary in the case of complete information.

Proposition 10 (eliminating $[\![\Gamma]\!](\varphi\mathsf{U}\psi)$ in ATL with complete information) Let $p$ and $q$ be some fresh atomic propositions. The satisfiability of

$$[[\![\Gamma]\!](\varphi\mathsf{U}\psi)/p]\chi$$

in ATL with complete information is equivalent to the satisfiability of

X A VQ(pV^^V((pA[r]o 9 ))
A Vn(^<^^V((pA[[r]]o j p))

(10)

In the incomplete information case our approach suggests replacing $[[\![\Gamma]\!](P_\Gamma\varphi\,\mathsf{U}\,P_\Gamma\psi)/p]\chi$ by
X A D VD(pV^P r y'V(Pr<pA[[r]]o 9 ))
A D VD(^^Pr^V(Pr<pA[[r]]o j p))
A D VD (/?=>- P r VV(P r <pA...)).

where, in a forest-like system $IS$, $q$ is supposed to mark states which are reached from runs $r$ in which $\Gamma$ cannot achieve $(P_\Gamma\varphi\,\mathsf{U}\,P_\Gamma\psi)$ when $\Gamma$'s actions $a$ are complemented on behalf of the non-members of $\Gamma$ by some actions $b_{a,r}$ that foil the objective, and ... is supposed to express that any sequence of vectors of actions $a_1, a_2, \ldots \in Act_\Gamma$ when complemented by the corresponding $b_{a_1,r_1}, b_{a_2,r_2}, \ldots$ can generate a sequence $r_1, r_2, \ldots$ of finite runs, starting with the reference one, each of them being $\Gamma$-indiscernible from the extension of the previous one, by the outcome of the respective $a_k \cdot b_{a_k,r_k}$, such that there exists a $k < \omega$ with $IS, r_j \models q \wedge D_\Gamma\varphi$, $j = 1,\ldots,k-1$, and $IS, r_k \models \neg q \vee D_\Gamma\psi$. The fixpoint construct that would best serve expressing this condition can be written as $\mu X.\alpha \vee (\beta \wedge P_\Gamma\forall\circ X)$ in the modal $\mu$-calculus (cf. e.g. [BS06]). Finding a substitute for it in CTL + D appears problematic.

Concluding remarks

Our approach is inspired by temporal resolution [FDP01], which has been extended to epistemic LTL [DFW98] and to (non-epistemic) CTL and CTL* [BF99, BDF99], the latter system being the closest to our target system CTL + D. Following the example of these works, a resolution system for CTL + D could be proved complete by showing how to reproduce in it any proof in some complete, e.g., Hilbert style proof system. A complete axiomatization for epistemic CTL* with perfect recall can be found in [vdMK03], but the completeness was demonstrated with respect to the so-called bundle semantics, where a model may consist of some set of runs that need not be all the runs generated by a transition system, and the form of collective knowledge considered in [vdMK03] is common knowledge, whereas we have distributed knowledge. The setting for the complexity results from [HV86] is similar. The tableau-based decision procedure for epistemic CTL with both common and distributed knowledge from [GS09b] does not cover the case of perfect recall. To the best of our knowledge no decision procedure of feasible complexity such as the resolution- and tableau-based ones that are available for so many closely related systems from the above works has been developed yet for validity in CTL + D with perfect recall.